How much does it cost to use NORA?

The messenger itself is free. Creating an account, conversations, voice and video calls, connecting to the node network — without a single coin in the wallet. ETH is needed only when you send ETH or USDC via the built-in wallet (gas in fractions of a cent on Base) or when you run your own server node (a 0.01 ETH stake plus ~$0.5/year in heartbeat gas). Receiving ETH or USDC works with a completely empty wallet — the sender pays the fee.

What about resistance to network blocks?

Five transports — P2P, Onion mesh, QUIC/Hysteria2, REALITY TLS, direct WSS. The client tries them in order and caches the choice. REALITY is the most invisible layer, disguised as a legitimate TLS handshake to large sites. On top, a volunteer VPN relay lets users with a working VPN turn their device into a NORA TURN node so peers without a VPN can still get through.

What about group chats, media and calls?

1:1 voice and video calls work via WebRTC and our own TURN. Media and group chats are on the roadmap and will arrive in upcoming releases.

NORA — a messenger for those who value digital freedom

Features

Everything to keep the conversation strictly between you.

Cryptography, network and interface — built on a single principle: "trust math, not the server".

End-to-end encryption

ECDH P-256 for key exchange, HKDF-SHA256 for derivation, AES-256-GCM for messages. The server only ever sees encrypted bytes.

No phone numbers, no e-mail

Sign-up is an Ethereum wallet (BIP39 12 words). Only you know the seed phrase. The username is just a label and you can change it.

Mesh node network

Nodes talk over a gossip protocol. Take one server down — the conversation never stops, the client migrates to the next one.

Censorship bypass

A REALITY tunnel disguises traffic as ordinary TLS to large sites. By SNI and shape it's indistinguishable from Microsoft.

On-chain discovery

The list of working nodes is published in a smart contract on Base. Nobody can "switch off" the directory — there isn't one.

Safety numbers

12 SHA-256 groups for offline key verification. If there's a MITM on the other side, you'll see it without any blue checkmark.

Voice and video

WebRTC over ICE and our own TURN. If P2P fails — relay through your own nodes, no Google clouds.

Built-in wallet

The wallet lives inside the client. View ETH/USDC balances, send, receive — without leaving the app. One and the same key.

Hardware-backed keys (StrongBox)

On Pixel 3+, Samsung S20+ (Knox Vault), OnePlus 8+, Xiaomi Mi 11+ and other StrongBox devices, NORA's master key lives inside a dedicated security chip. The key never leaves silicon — even root-level malware can't extract it.

Security

Protection you can verify without trusting us.

Every layer can be checked independently: verifiable signatures on the client, a transparent node protocol, contracts on a public network. Everything we say about NORA can be checked by hand.

The key stays with you. The seed never leaves the device. We can't "recover the account" — and that's a feature.
Pinned TLS. SPKI pin on the client: a forged certificate won't pass even from a valid CA.
Forward secrecy. Ephemeral keys per session: even compromise of a long-term key doesn't open past conversations.
Anti-Sybil. Nodes pay stake into a smart contract — mass-spawning fakes is expensive and visible to everyone.
FLAG_SECURE on seed. Screenshots of the seed phrase are blocked at the OS level.

Threat model

Reading the conversation server-side	impossible
Substituting the peer's key	visible in UI
Selective SNI blocking	REALITY bypass
Seizing the "main" server	there isn't one
Disabling the node directory	on-chain
Full Internet shutdown	won't protect

+3W9uil6TJuXORhAFhVU6hrSIUQsN+l6dDMrXRXYheY= Our node's SPKI pin

Architecture

Five transport layers. One of them always works.

The client picks its own route and quickly degrades to the next one if the channel is noisy or blocked.

01

P2P · WebRTC

Direct connection via ICE/STUN if NAT allows. Fastest, most private.

low latency

02

Onion mesh

Layered encryption through 3 random nodes. None knows both ends of the conversation at once.

privacy

03

QUIC · Hysteria2

UDP/443, disguised as plain QUIC. Often gets through where TCP is already shaped.

DPI-resistant

04

REALITY TLS

Steal-handshake to a real domain (microsoft.com etc.). On the wire it looks like legitimate TLS.

stealth

05

Direct WSS

A plain WebSocket-over-TLS to a node. The base channel when nothing needs to be circumvented.

baseline

Peer network

A network that can't be turned off — because you own it.

NORA is not "an app and a server". It is Node-based Onion Routing Architecture: dozens of independent nodes raised by the community, with onion routing on top. The more people, the stronger the network.

Anonymity

No phone numbers, no e-mail, no "central" confirmation. The account is a key that stays on the device. The onion route splits "who" from "where to": no single node knows both ends of a conversation.

Reliability

Each node is signed with its own ECDSA key and publishes a stake in the smart contract on Base. A fake node costs money and is visible to the whole world — mass-spawning fakes makes no economic sense.

Fault tolerance

Take one node down — the client migrates to the next one in 200 ms. Take ten down — nobody notices. There's no "main server" to take down: the directory lives in the blockchain.

01

Spin up a node in one tap

The app has a "become a TURN node" toggle. If you have stable Internet and a desire to help, your phone or tablet starts taking relay traffic for other users' calls. No setup, all in the background.

Toggled on / off with one button
Runs only on Wi-Fi while charging (default)
Traffic is encrypted — your node sees no content

02

Run a full server

Have a VPS? Install the NORA server software — it's open source, installs with one command, and works with the Base blockchain. After registering in the smart contract, your node automatically appears in every client's directory worldwide.

Linux · 1 CPU · 1 GB RAM — minimum
Registration: 0.01 ETH stake in the Base contract
Heartbeat 2–3 times a day, ~$0.5/year in gas

Why deanonymization is practically impossible

No phone number — no link to a SIM and a carrier. No e-mail — no link to Google/Apple. No "main server" that could hand over logs: records about you are spread across dozens of independent nodes, and the messages themselves are end-to-end encrypted. Your identity isn't given away even by the messenger itself: it doesn't know it.

Wallet

Payments right inside the conversation.

Every copy of NORA has a full crypto wallet built in. The same key you use to sign in to the messenger holds your balance — without separate apps, without leaving for a browser, without ever handing the seed phrase to anyone.

ETH and USDC out of the box Balances are visible right away and update in real time. Network — Base (low fees, instant confirmations).
Send to a peer in one tap Send ETH/USDC straight from a chat — the address is already known, nothing to copy.
Receive without an app A QR code and a link to your address — the sender can be on any other wallet, signing into NORA isn't required.
The key never leaves the device Transactions are signed locally in Keystore. NORA sees neither the private key nor the payments themselves: you alone control the funds.

Base The network is built for mass usage: average fee is fractions of a cent, transfers arrive in 2 seconds.

Base · mainnet

Built on Base

0x5a91…b93B

Balance

0.412 ETH

≈ $1 238.40

Ethereum0.412 ETH

+1.4%

USD Coin540.00 USDC

0.0%

→ Alice−25.00 USDC

← 0x9f…7eA+0.05 ETH

How it works

Three steps — and the conversation lives without intermediaries.

No SMS confirmations, no profile registration "in the centre". Keys appear on the device and never leave it.

01

Create a wallet

The app generates 12 BIP39 words, shows the secret, asks you to confirm — and forgets the plaintext. It's stored only encrypted in Keystore.
02

Sign the binding message

The wallet key is bound to a separate messaging key via personal_sign. It proves: the one who sends messages is the same one who owns the address.
03

Connect to the nearest node

The client pulls the directory from the contract on Base, picks a live node, and brings up an E2E session. From that second on, the server is no obstacle to encryption.

Ready to try it?

A public Android beta is available now. iOS is in the works.

APK · Android Details

Android 8.0+ ~50 MB v1.4.3 (26)

Verify your download

We can't ask you to trust the download. Check it yourself — these never lie:

1 · APK checksum (SHA-256)

Confirms the file arrived intact and untampered. Compare it with nora.apk.sha256.

d6eb929baa5c2e26fe92bb9e15ba681231bedeba9d6a5477c5b2eb2c030cfdcb

sha256sum nora.apk

2 · Signing certificate (SHA-256)

This is the strongest anchor: it stays the same across every future update. If an APK shows a different fingerprint, it is not from us — do not install it.

08:25:F9:EE:9A:48:0D:09:0D:F4:22:DF:7C:F4:8F:B6:C0:2F:F5:27:80:AC:06:D6:89:8F:BE:18:A3:D7:75:1A

apksigner verify --print-certs nora.apk

FAQ

Common questions

Is it really without a phone number?

Yes. The account is your Ethereum address. No SMS, no link to a SIM. The username can be anything and changed any time.

And if I lose my phone?

If you saved the 12-word seed phrase, you can restore the account on any device. If you didn't — no one can help: we deliberately don't have that capability.

Why does a messenger need a blockchain?

For one job only — publishing the list of live nodes. That can't be censored, revoked or lost. Messages are never written to the blockchain.

How much does it cost to use?

The messenger itself is free. Creating an account, conversations, voice and video calls, connecting to the node network — without a single coin in the wallet: none of that is written to the blockchain, no gas needed.

You'll only need ETH on the account in two cases:

You send ETH or USDC via the built-in wallet — gas is needed for the transaction (on Base — fractions of a cent).
You run your own server node — registering in the smart contract requires a 0.01 ETH stake (returned when you leave the network) plus ~$0.5/year on heartbeat transactions.

Receiving ETH or USDC works with a completely empty wallet — the sender pays the fee. So someone receiving money for the first time can spend it right away — no "top up first".

What about resistance to blocks?

Five transports: P2P → onion → QUIC → REALITY → direct TLS. The client tries them in order and caches the choice. REALITY is the most "invisible" layer — it disguises itself as a legitimate TLS handshake to large sites.

On top there's a volunteer VPN relay: users who already have a working VPN can flip a switch in the app and turn their device into a NORA TURN node. Their VPN tunnel becomes the "exit" to the open Internet, and other users — those without a VPN or whose VPN broke — get into the messenger through them. A live mutual-aid network: the more people enable the relay, the smaller the chance that blocks cut someone off.

The volunteer themselves see nothing but encrypted traffic — messages stay E2E, and their IP is exposed only to the NORA node, not to peers.

What about group chats, media, calls?

1:1 calls (voice/video) work via WebRTC + our TURN. Media and groups are on the roadmap and will arrive in the next releases.

A messenger for those who value digital freedom.